fixes for Lucho's review

auth0 · Mar 2, 2018 · 4246215 · 4246215
1 parent 96bbf14
commit 4246215
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -26,8 +26,8 @@ Check our docs page to get a complete guide on how to install it in an existing
 
 ## Security Upgrade Notes 5.1.0+
 
-**State validation** is now default behaviour for improved security. By default this will automatically use **Session Storage** and will
-apply if you are using the combination of the `Auth0->login()` method to call the `/authorize` endpoint and using any method which calls the `Auth0->exchange()` method in your callback.
+**State validation** is now default behaviour for improved security. By default this will automatically use **Session Storage** and will apply if you are using the combination of the `Auth0->login()` method to call the `/authorize` endpoint and using any method which calls the `Auth0->exchange()` method in your callback.
+
 If you require custom storage methods you can implement your own [StateHandler](https://github.com/auth0/auth0-PHP/blob/master/src/API/Helpers/State/StateHandler.php) and set it using the `state_handler` key when you initialize an `Auth0` instance.
 
 **Important:** If you are using the `Auth0->exchange()` and using a method other than `Auth0->login()` to generate the Authorize URL you can disable the *StateHandler* by setting the `state_handler` key to `false` when you initialize the `Auth0` instance. However, it is **Highly Recommended** to implement state validation.

diff --git a/src/API/Helpers/State/SessionStateHandler.php b/src/API/Helpers/State/SessionStateHandler.php
@@ -3,7 +3,6 @@
 namespace Auth0\SDK\API\Helpers\State;
 
 use Auth0\SDK\Store\SessionStore;
-use Auth0\SDK\Exception\CoreException;
 
 /*
  * This file is part of Auth0-PHP package.
@@ -54,10 +53,12 @@ public function store($state) {
 
     /**
      * Perform validation of the returned state with the previously generated state.
-     * 
-     * @param  string $state
-     * 
-     * @throws exception
+     *
+     * @param string $state
+     *
+     * @return bool
+     *
+     * @throws \Exception
      */
     public function validate($state) {
         $valid = $this->store->get(self::STATE_NAME) == $state;

diff --git a/src/API/Helpers/State/StateHandler.php b/src/API/Helpers/State/StateHandler.php
@@ -18,7 +18,8 @@
  *
  * @author Auth0
  */
-interface StateHandler {
+interface StateHandler
+{
 
     /**
      * Generate state value to be used for the state param value during authorization.

diff --git a/src/Auth0.php b/src/Auth0.php
@@ -273,8 +273,8 @@ public function login($state = null, $connection = null, $additional_params = []
     }
 
     $params['response_mode'] = $this->response_mode;
-
-    if($additional_params) {
+    
+    if( ! empty( $additional_params ) && is_array( $additional_params ) ) {
       $params = array_replace($params, $additional_params);
     }